LovableLovable

Penetration Tester

1mo ago
EuropeSenior
LovableLovable

Penetration Tester

1mo ago
EuropeSeniorowaspmitre att&ckexploit developmentprivilege escalationlateral movement

Seeking an experienced Penetration Tester to identify vulnerabilities across AI pipelines and software platforms.

Requirements

  • Please submit your application in English. It’s our company language, so you’ll be speaking lots of it if you join.
  • We treat all candidates equally - if you’re interested, please apply through our careers portal.

Other

  • TL;DR: We're looking for a world-class Penetration Tester with a name in the field. You'll push Lovable's platform to its limits, hunt vulnerabilities across our AI pipelines and user-generated code, and make sure attackers never get there before you do.
  • Lovable lets anyone and everyone build software with any language. From solopreneurs to Fortune 100 teams, millions of people use Lovable to transform raw ideas into real products - fast. We are at the forefront of a foundational shift in software creation, which means you have an unprecedented opportunity to change the way the digital world works. Over 2 million people in 200+ countries already use Lovable to launch businesses, automate work, and bring their ideas to life. And we’re just getting started.
  • We’re a small, talent-dense team building a generation-defining company from Stockholm. We value extreme ownership, high velocity, and low-ego collaboration. We seek out people who care deeply, ship fast, and are eager to make a dent in the world.
  • 12+ years of hands-on penetration testing experience across web, mobile, APIs, and cloud infrastructure.
  • A track record the field knows about: CVEs to your name, hall-of-fame credits in major bug bounty programs, or a reputation that precedes you.
  • Deep expertise in offensive security techniques: OWASP, MITRE ATT&CK, exploit development, privilege escalation, and lateral movement.
  • Hands-on experience using AI as part of your hacking workflow — not just testing AI systems, but actively leveraging it as an offensive tool.
  • Experience attacking AI-native products or LLM-integrated systems, including prompt injection, model abuse, and data exfiltration vectors.
  • Strong understanding of cloud environments (GCP, AWS, Cloudflare) and the attack surfaces they introduce.
  • Ability to translate complex findings into clear, prioritised reports that engineering teams can act on immediately.
  • Low ego, high output. You collaborate as naturally as you compete against systems.
  • Bonus: experience with red team operations, supply chain attacks, or mobile security (iOS/Android). Familiarity with SAST/DAST tooling.
  • Own offensive security end-to-end: plan and execute penetration tests across Lovable's web platform, mobile surface, APIs, cloud infrastructure, and AI pipelines.
  • Break our AI before others do: probe LLM integrations for prompt injection, jailbreaks, data leakage, and novel attack vectors unique to AI-generated code running in live products.
  • Stress-test user-generated code at scale: identify systemic vulnerabilities introduced when millions of users create and deploy real applications on Lovable.
  • Turn findings into action: work directly with engineering to prioritise, remediate, and verify fixes, closing the loop between discovery and resolution.
  • Raise the security bar org-wide: run internal red team exercises, contribute to threat modelling, and embed an attacker's mindset across the engineering culture.
  • Help make Lovable the most secure AI product in the market.
  • Frontend: React and TypeScript
  • Backend: Golang and Rust
  • Cloud: Cloudflare, GCP, AWS, Modal, multiple LLM providers
  • DevOps & Tooling: GitHub Actions, Grafana, OTEL, infra-as-code (Terraform)
  • Data: Clickhouse, Firestore, Spanner, BigQuery
  • And we're always exploring what's next!